• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: Low (View bug fix roadmap)
• Fix Version/s: 8.13.19, 8.20.7, 8.22.1
• Affects Version/s: 8.5.0, 8.13.0
• Component/s: Security
• Labels:

  • CVE-2021-41313
  • advisory
  • advisory-released
  • dont-import
  • security

[JRASERVER-72898] Privilege escalation leads unauthorized user to edit email batch configurations - CVE-2021-41313

Mandeep Jadon made changes - 21/Feb/2023 3:40 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 733515 ]

Sen Geronimo made changes - 04/Oct/2022 6:20 AM

Component/s

New: Security [ 68109 ]

Manisha Sangwan made changes - 04/Oct/2022 6:20 AM

Labels

Original: CVE-2021-41313 advisory advisory-to-release dont-import security

New: CVE-2021-41313 advisory advisory-released dont-import security

Manisha Sangwan made changes - 04/Oct/2022 6:19 AM

Status

Original: Published [ 12873 ]

New: Published [ 12873 ]

AB made changes - 27/Sep/2022 11:51 PM

Description

Original: Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.1. *Affected versions:*  * version < 8.20.1 *Fixed versions:*  * 8.20.1  * 8.21.0

New: Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. *Affected versions:*  * version < 8.20.7 *Fixed versions:*  * 8.20.7  * 8.21.0

Karol Skwierawski made changes - 13/Jun/2022 2:43 PM

Fix Version/s	Original: 8.20.1 [ 97808 ]
Fix Version/s	Original: 8.21.0 [ 97591 ]
Fix Version/s		New: 8.13.19 [ 99492 ]
Fix Version/s		New: 8.20.7 [ 99493 ]
Fix Version/s		New: 8.22.1 [ 99792 ]

AB made changes - 24/Feb/2022 2:23 AM

Description

Original: Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.0. *Affected versions:*  * version < 8.20.0 *Fixed versions:*  * 8.20.0  * 8.21.0

New: Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.1. *Affected versions:*  * version < 8.20.1 *Fixed versions:*  * 8.20.1  * 8.21.0

AB made changes - 24/Feb/2022 2:23 AM

Fix Version/s	Original: 8.20.0 [ 95692 ]
Fix Version/s		New: 8.20.1 [ 97808 ]

AB made changes - 23/Feb/2022 10:58 PM

Description

Original: Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.21.0. *Affected versions:*  * version < 8.21.0 *Fixed versions:*  * 8.21.0

New: Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.0. *Affected versions:*  * version < 8.20.0 *Fixed versions:*  * 8.20.0  * 8.21.0

AB made changes - 23/Feb/2022 10:57 PM

Fix Version/s

New: 8.20.0 [ 95692 ]

Load more older history items